Linux Reference

This document serves as a personal Linux reference for bringing servers online and keeping them operational. It records the commands, configurations, and patterns I use in practice to deploy web applications, manage services, and expose systems safely to the internet.

The focus is on what works reliably, not on mastering every subsystem in depth. These notes reflect an application-centric view of Linux: using the operating system as a stable foundation for running software rather than as an end in itself.

General

Reboot

sudo reboot

User

adduser $USER_NAME
usermod -aG sudo $USER_NAME

Firewall

ufw app list
ufw allow OpenSSH
ufw enable -y
ufw status

install

An example of installing apps.

apt-get install -y nodejs
apt-get install -y npm

Services

Test Nginx configuration

sudo systemctl status {service}
sudo systemctl restart {service}
sudo systemctl enable {service}
sudo systemctl disable {service}
sudo systemctl start {service}
sudo systemctl stop {service}
sudo journalctl -xeu {service}

NGINX

Nginx Install

sudo apt install nginx -y
#Weird hack to bypass an issue on ubuntu22
sudo apt-get remove nginx
sudo apt update
sudo apt install nginx
#should show nginx http here:
sudo ufw app list

Nginx Firewall

sudo ufw allow 'Nginx Full'
sudo ufw enable -y
systemctl status nginx

Nginx Commands

NGINX is a service so it's commands are the same as the ones listed in the service section with nginx being the service name, however, I have included it's specific commands here, as I believe setting up services is a more advanced step compared to just running NGINX and people looking to use nginx might not be fully aware of services as a general concept yet.

Nginx Report

sudo nginx -t

Restart Nginx

sudo systemctl restart nginx

Start Nginx

sudo systemctl start nginx

Stop Nginx

sudo systemctl stop nginx

Enable Nginx to start on boot

sudo systemctl enable nginx

Disable Nginx from auto-starting

sudo systemctl disable nginx

Check Nginx service status

sudo systemctl status nginx

View recent logs

sudo journalctl -u nginx --since "10 minutes ago"

Nginx .conf

This is an example of a solid NGINX reverse proxy configuration, commonly used to front application servers.

Features

  • It redirects the www. subdomain to the canonical non-www domain. DNS records for both the www and non-www domains must point to the server so NGINX can receive and redirect traffic
  • Uses HTTP/2, which improves performance for most modern web applications by multiplexing multiple requests over a single connection, reducing latency for pages with many assets.
  • Enables HTTPS by terminating TLS using an SSL certificate. Certificate issuance is handled separately.
  • The domain name must be changed to your site's domain name.
  • {PORT} must be replaced with the port your web app is listening to.
server {
    listen 80;
    server_name www.example.com;
    return 301 https://example.com$request_uri;
}

server {
    listen 443 ssl http2;
    server_name www.example.com;

    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;

    return 301 https://example.com$request_uri;
}

# Handle non-www traffic
server {
    listen 80;
    server_name example.com;
    return 301 https://example.com$request_uri;
}

server {
    listen 443 ssl http2;
    server_name example.com;

    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;

    location / {
        proxy_pass http://localhost:{PORT};
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}

Cert

To enable HTTPS, an SSL certificate is required. Certificates can be obtained for free using common tooling. I use the following shell script to quickly provision certificates for new domains.

#!/bin/sh
#get_cert.sh

# Prompt for the domain name
read -p "Enter the domain name for which you want to obtain an SSL certificate: " DOMAIN_NAME

# Run Certbot to obtain the SSL certificate
echo "Attempting to obtain an SSL certificate for $DOMAIN_NAME..."
sudo certbot certonly --nginx -d "$DOMAIN_NAME"

# Check if Certbot was successful
if [ $? -eq 0 ]; then
  echo "SSL certificate for $DOMAIN_NAME obtained successfully."
else
  echo "An error occurred while trying to obtain the SSL certificate for $DOMAIN_NAME."
fi

Personal Notes

Putty

I use putty primarily for a server console.

  • Right click pastes into console

FileZilla

For basic sites i use FileZilla with restart .trigger files

Rsync

I use Rsync for complex update pipelines.

Provider